The Hitchhiker’s Guide to the GDPR – all you need to know about the new rules

Everyone has already heard about the new GDPR law and the numerous discussions caused by its arrival. Almost everyone has also heard the rumours about huge penalties and businesses folding up. Feeling totally disoriented and in need of advice? Here it is.

There is an excellent book, “The Hitchhiker’s Guide to the Galaxy”, and its main rule is very simple: “Don’t Panic”.

But what should you do if you are a website owner, and you have many more worries than even someone hitchhiking through the galaxy?! Once again: don’t panic!

First of all, let’s figure out what all this fuss is about.

In the world of hi-tech and the Internet, the problem of illegal personal data collection becomes more topical every year. Most applications, websites, and social networks require your private information. A significant amount of this data is then used for personal, commercial and sometimes even criminal purposes on a daily basis. Very often you are not aware that this is happening.

Recently, the EU took care of its citizens again and adopted an outstanding law: the GDPR.

In fact, this law expresses concern for the private data of EU citizens. Now nobody may use your personal data without permission, and users must also give permission before an external online connection is established.

Does it seem to you that the problem has been totally solved? Not a chance! The predecessor of the GDPR applied only to large companies with more than 300 employees, and to their websites. All the others were left out of sight.

Later, this misstep was taken into account, and now GDPR applies to every company which has at least one European client.

What do people think about GDPR?

All these exceptional measures have been taken to protect common users. But how do they actually feel in this situation? Are they happy? Let’s find out.

“GDPR is coming, I remove services Google Maps, YouTube from my site”

“I feel proper confused, I need some practical guidance as to what steps small businesses need to take to meet GDPR legislation. Any ideas?”

“I’m a photographer, I sell my photos on various websites, I make posts on Facebook. Judging by my reading, now I need permission from random people caught in the lens for posting on Facebook or elsewhere. This is a joke?”

Yes, it’s hard to believe, but it seems that from now on you must delete all analytics services (like Google Analytics or Google Maps). You also should not use any CDN services, or even YouTube or Facebook.

That’s what users think. But what about the people who provide pre-installed and customized systems (including plugins)? What about the developers? Their situation is even worse.

“I know I’m confused. I read some articles, it’s still not clear on what we, as web hosters, need to do to comply with this new legislation. As usual, lots of vagueness and no certainties. No wonder 99% of businesses are ignoring it.”

“We have 10k people in our mailing list which we’ve accumulated over MANY years. 30% people have chosen to opt in to our GDPR email. The other 70% have either not responded. This means we will lose them from our database. Does this sound normal/correct?”

A lack of precision, and norms and control over them that are too vague. Most developers and website owners are eager to embark on the road of truth and comply with the rules. But since they do not know exactly what they should do, they panic and randomly delete everything from their websites to save their projects and protect themselves from penalties.

So, is this the Rubicon? Is it a one-way ticket away from our everyday life? Should we say goodbye to the services that we used before? Most websites use Google Analytics, Google Maps, various plugins and services. Is there any chance to use them with GDPR? Why not? You can keep on using them, but you should follow the rules that comply with GDPR.

I am a developer. What should I do regarding GDPR?

Here are the main rules:

All you need to do is to notify your site visitors about the 3rd party services that you use on your website, and the fact that they may collect data about IP addresses, cookies, sessions and browser information.

Ensure data processing transparency on your website. In what way? Any data processing that occurs on your website should be clearly indicated (for example, in your privacy policy). This is a requirement of GDPR. Do you follow it? Perfect. Next.

Get permission to use cookies from your users. This is an important policy for your website to meet the requirements of GDPR.

Now the main feature. Buttons. Many buttons. Notification, checkbox, popup. Inform all users about collecting personal information and get their permission.

The law is respected, EU citizens are now out of danger, and of course there is no illegal data.

This is applicable to any outbound connections and services.

Voice of God Is Government

Every day and night, the Government always takes care of us, burns witches at the stake, searches for water on Mars, fights for the real religion, and now aims for true privacy. But did they even notice the reverse side of these improvements, which turned out to be problems for us: users, developers, website owners?

This system is a vicious cycle. Some services just do not conform to GDPR policy. Without these services the functioning of websites is almost impossible, and sometimes it makes no sense. Website administrators are forced to put tons of notifications about the processing of personal data and agreements to its usage.

It seems that there will be no changes in the work of websites and services except for additional buttons. But under these “agreement” buttons anyone can hide any terms of data usage. Literally. And most users will agree without any doubt, because, let’s just admit this, very few people read multi-page documents with a bunch of legal terms.

So what exactly do we have with the advent of the new Internet-political regime?

For users it means dozens of unnecessary actions that they need to take even to start using the websites.

Site owners have panic attacks, lots of questions and a lack of answers, so they attempt to rebuild their websites following vague rules and regulations.

Scammers and fraudulent people have a new opportunity to deceive users on a daily basis, because everybody will get used to clicking “OK, I agree.”

Will this system be effective in the future? Will it bring more negative or positive effects?

Time will tell.

The main thing now is to stay afloat in the vortex of these changes, and we hope that our article has helped you with this.

If you are unable to find an answer, feel free to reach out to us using our contact form. If you want more information about GDPR, you can find it in our next article.